Worm 'Storm' gathers strength

Not all worms are created equal. Some cause minor annoyance. Some propagate madly for a few weeks, then end up doing nothing worse than wasting bandwidth. Some strum up some spam, and then that's it.

Then, every once in a while, a worm will come along -- such as Storm -- that potentially has the power to shutdown even the largest, and most protected of networks, at the drop of a cyber-hat.

First pinned down in mid-January of this year, Storm (also known as Dorf/Fam, Peacomm, and SMALL.EDW by Sophos, Symantec, and Trend Micro respectively) has been quickly gaining in strength. It takes advantages of holes in Windows operating systems -- pretty much every version of Windows, excluding Windows Server 2003.

Once a system is compromised by the trojan, the 'Stormed' computer will become a zombie-slave. The comprised computer then becomes one more machine composing Storm's massive botnet. The virus primarily propagates itself by using this gargantuan botnet to send out infected emails that have intruiging, fake news headlines for subjects -- such as: “Chinese missile shot down USA aircraft” or “U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel.”

How big is Storm's botnet? Some estimates think the botnet could be as large as 50 million computers. It's entirely possible that one person is behind the worm, pulling the strings, and is able to focus the power of this zombie-network, however they like. “In terms of power, the botnet utterly blows the supercomputers away,” chief anti-spam technologist Matt Sergeat, from MessageLabs, was quoted as saying. “If you calculate pure theoretical throughput, then I'm sure the botnet has more capacity than IBM's BlueGene. If you sat them down to play chess, the botnet would win."

So far, experts have seen the activity of Storm's botnet periodically spike, for a few hours at a time. But it is estimated that only about %10 of the botnet's power has been applied in these activity spikes -- if the person pulling the strings of Storm were to fully engage the zombie-networks, the full Denial-of-Service powers could possibly be enough to cause severe chaos -- such as overwhelmingly networks of even the largest of companies and services.

It is also possible that the services of the 'Storm' infection could be 'rented' to service nefarious criminal purposes, such as mega-spam campaigns, or possibly even to launch some sort of mercantile cyberwar.

So far, it seems that Storm has been applied to 'pump-and-dump' stock scams (the zombie-networks send millions of emails saying that some stock is about to take off -- and once the price of the stock is artificially inflated by many suckers buying into it, the stock is sold off for huge profits.)

Chief forsenic officer of MyNetWatchman.com, Lawrence Baldwin, related to website itnews.com that: “Cumulatively, Storm is sending billions of messages a day. It could be double digits in the billions, easily."

It'll be interesting to see if the full force of Storm will be unleashed before network security specialists, or Microsoft employees, are able to clamp down at all on the trojan's proliferation -- but unfortunately, it seems the primary reason why this worm has gotten so huge, is that many people just can't resist opening up mysterious emails with interesting subjects.

Every Windows but the 2003 server edition. For some reasons that are unknown, the worm's code excludes that operating system, even though (from what I read) it looks like the worm would be able to wiggle into Windows 2003 server edition just as easily.

Hehe, I think you have me confused with the other writer here, 'micahwrites', aka Micah Grunert.

I'm not anti-Windows. I'd recommend people to use Linux over Windows, but I am far from anti-Windows. There is no bias in this article that I can see -- this massive worm only affects Windows machines, it has nothing to do with my personal preference of OS.

I do believe Windows to be an inferior operating system -- but one of the big reasons (if not the primary) reason why it has so many security issues is the simply fact that it is the overwhelmingly most popular OS in the world. And as flawed as Windows may or may not be, I have no problem admitting that I use Windows Xp on my home system much more often than Linux.

Thanks for your comments though (sincerely). I'm totally open to people 'calling me out' if I display any bias (anti-MS or whatever) in my articles -- but I don't think that is the case here.

I've seemed to have received the rather dubious title of 'Anti-MS Micah'.

To set the record straight, the only reason I slag Windoze is because of the huge security holes and vulnerabilities of that OS. I may use Ubuntu Linux Feisty Fawn (looking forward to Gutsy Gibon come OCT 18th and Hearty Heron in the new year) 80-90% of the time, but Windows still has a place in my digital life.

CAD (Computer Aided Design/Drafting) is the domain of Windows. I do a lot of metal working and wood working and always CAD my designs in Windows first. I could run CAD in Windows under VMware, but I don't like the performance loss of virtual machines. There's some CAD software for Linux, but it's not as featured as what I'm used with AutoCAD and TurboCAD and AutoSketch. OSX, not much CAD their either.

3-D gaming is great in Windows while it feels like 1992 all over in Linux and is practically non-existent in OSX. That may start to change as AMD/ATI are upping their Linux support, new Linux packages for enhanced Nvidia/ATI video car drivers are coming out and many game developers are opening up to OpenGL as the insanity of DX10.1 has left a sour taste in their mouth. Interoperability of games between MS/Linux/OSX has been a long time in the waiting and may become a reality pretty soon. But for the scant amount of 3-D gaming I do try to enjoy for maybe 1 hour per week, I'll always prefer a Windows box with a tweaked version of XP Pro (and Vista for those 2 Vista only games) for the highest frame rate possible.

Photoshop and image work is either Windows or OSX. Yes, the Gimp in Linux is nice, but it doesn't have the feel nor the features of Photoshop. So, Photoshop on a dedicated Windows box, or under VMware in Ubuntu for me. If I were to have a big pile of cash drop into my lap, I'd get a Mac for that stuff.

Multimedia is cross platform, but I prefer to use Linux for that as there is no DRM in Linux. Furthermore, there are all-in-one solutions like MPlayer that plays every video and sound format that exists and Acetone (the Linux variant of Alcohol) that will burn, rip, encode, decode and do anything to any file format you throw at it. Neither Windows software nor OSX software can make such a computability claim. But for movie editing, I'd want a Mac. It just feels better using iMovie.

Office Apps are somewhat pointless today. OpenOffice works great, it's free and it's all I use anymore. It's lightning quick in Linux and can do anything MS Office can do.

So, I'll admit that I don't like all of the viruses and exploits of Windows, but I will use Windows for those reserved applications of gaming and CAD. But as it goes with me and computers right now, I'm more than comfortable with Ubuntu and will continue to use it for as long as it provides the features I need.

But the biggest plus of Linux, no viruses, highly customizable, tonnes of apps and absolutely free.